ExtremeSwitching (EXOS)

  • 1.  Netlogin with AP on G1's, before AP Aware?

    Posted 12-30-2021 17:13
    Hi,

    Before the onset of G2 switches with policy and the ability to utilise AP Aware, I remember seeing an article that configured netlogin to simulate it?

    In essence it replicates what AP Aware does on the switch and allows authentication to be performed on just the AP and not all end-systems coming through it.

    Have tried to track down the information but been struggling.

    Hoping someone might remember and point me in the right direction.

    Many thanks in advance.


  • 2.  RE: Netlogin with AP on G1's, before AP Aware?

    Posted 01-26-2022 12:58
    Hi Martin,

    Did you succeed in doing "AP Aware" without a policy profile on EXOS?

    I'm trying to do the same thing but I don't know how to do this without Policy Profile.
    As Policy Profile disables some netlogin features (RADIUS enforcement VLAN) and is limited to 64 profiles, I'm not sure this is the right way to handle AP auth and wireless end-system auth.

    Thanks!


  • 3.  RE: Netlogin with AP on G1's, before AP Aware?

    Posted 01-26-2022 13:21
    Hi David,

    Apologies, not found the solution yet.

    Pretty sure there was a GTAC article on it, even somewhere in my notes, but extensive searching has not turned anything up yet.

    If I find out will post straight away.

    Thanks,

    Martin


  • 4.  RE: Netlogin with AP on G1's, before AP Aware?

    Posted 01-27-2022 03:44

    Thank you for your quick reply.

    So an AP cannot be connected to a netlogin port, as auth-override is not possible without a policy profile?




  • 5.  RE: Netlogin with AP on G1's, before AP Aware?

    Posted 01-27-2022 04:53
    Hi David,

    It can; the issue is that without AP Aware (Auth-Override), when you have a bridge@AP topology, any authentication taking place on the AP will also get authenticated again on the switch port.

    Had another good look around, but not got much further.

    Not sure if the answer is within this command:

    configure netlogin ports [all | port_list] [allowed-users allowed_users | authentication mode [optional | required] | trap [all-traps | no-traps |[{success} {failed} {terminated} {max-reached}]]]

    Where possibly you can set the allowed-users to 1? Not sure if that will be the AP itself, which is all you really want.

    Maybe worth a go, and look at the netlogin sessions to see if it is as expected?



  • 6.  RE: Netlogin with AP on G1's, before AP Aware?

    Posted 01-27-2022 05:41
    Yes, I'm using Wing AP with local-bridging (VX9000 CTRL) so authentication takes place on the AP (dot1x, web-based/dot1x).

    We would like to put AP anywhere on the 5420 switch.

    If we limit allowed-users to 1 on every port, VoIP Phones + Computer might not work.

    I'm doing some tests in the lab... I'll let you know if I find a good configuration.